Configuring Application Security Settings

After the application is created, you need to add users who will work with it. Within the application, a user must be added to one of the default or custom roles, each of which implies a particular set of permissions.

Users can be added individually or in bulk by groups.

Default security roles

Comindware Tracker provides 4 default security roles, each of which implies a particular set of permissions.

•

Owners

o

Can add and remove users or user groups to/from the application.

o

Full control over the application's items, including deleting and editing them.

o

Can create and edit lists and dashboards that belong to the application.

•

Members

o

Can create and manage the application's items but cannot delete them (including self-created items).

o

Can add the application's lists and dashboards to Favorites.

o

Can create and edit personal lists and dashboards in My Desktop.

•

Viewers

o

Can view all the application's items (read-only).

o

Can add the application's lists and dashboards to Favorites.

o

Can create and edit personal lists and dashboards in My Desktop.

•

Requestors

o

Can create items in the application.

o

Can view and modify only self-created items.

o

Can add the application's lists and dashboards to Favorites (the Comindware Tracker Full license has to be assigned).

o

Can create and edit personal lists and dashboards in My Desktop (the Comindware Tracker Full license has to be assigned).

Requestor permissions can be assigned to users with the Comindware Tracker Full license and Comindware Tracker Requestor license.

The following table represents the default roles. Besides the permissions provided for by your role, you may view and modify all tasks assigned to you.

Actions

Default roles

Owners

Members

Viewers

Requestors (users who have Full License)

Modifying an app settings

Yes

Creating and modifying any lists

Yes

Creating new items

Yes

Yes

Yes

Modifying any items

Yes

Yes

Modifying self-created items

Yes

Yes

Yes

Deleting items

Yes

Deleting self-created items

Yes

Viewing all items

Yes

Yes

Yes

Viewing self-created items

Yes

Yes

Yes

Yes

The set of permissions in a default role cannot be changed. In order to create a custom set of permissions, add a custom role.

Adding a custom role

When configuring an application security settings, a need in a new set of permissions may arise. To create it, you have to add a custom role to the application (as the default role permissions are unalterable).

To add a custom role:

1.

Go to the
Application Setup -> Security.

2.

Choose Add a New Role (under the Roles list).

Adding a custom role

3.

On the Users tab, enter the role name and add individual users or user groups to the role.

On the Data Access tab, define which application fields are to be accessible for the role holders.

6.

When done, click Save & Close.

Adding users to a role

In order to work with an application, a user must be added to one of the application default or custom roles. You can add users individually or in bulk by groups.

Users are to be allocated to their roles by the application Owners. By default, the first application Owner is its creator.

To add users to a role:

1.

Go to the
Application Setup -> Security.

2.

In the Roles list, select the role.

3.

On the Users tab, add/remove individual users or user groups by using the Add, Add All, Remove, Remove All buttons.

4.

When finished, click the Save & Close button.

Managing role holders

Assigning permissions to a role

Each default role has a predetermined set of permissions that you cannot change. You may assign permissions only to a custom role.

Besides the permissions provided for by your role, you may view and modify all tasks assigned to you.

To assign permissions to a custom role:

1.

Go to the
Application Setup -> Security.

2.

In the Roles list, select the role.

3.

On the Permissions tab, check the relevant permissions.

4.

When done, click Save & Close.

Assigning permissions to a role

Data access for a role

It often happens that certain users are not supposed to see or modify particular data pieces. For example, budgets must be open only for accountants; it's but a product manager who can change the target release, etc.

In Comindware Tracker you can handle such situations by defining which application fields for which roles are to be accessible.

The settings can be done for both custom and default roles. For each role, fields are assigned one of the following statuses: Hidden, Read-only and Editable.

Note:

•

Field read/write permissions are also applied concerning a particular step - in the step properties.

•

Should permissions in
Step properties and in Application Security overlap, a prohibitive rule is always predominant. For example, if you make a field read-only on some step, it's impossible to change the field on this step, even having the relevant permissions in the
Application Security. And so forth.